Flake: Add sops-nix

flake.lock

@@ -602,7 +602,28 @@
         "nixpkgs": "nixpkgs_2",
         "nixvim": "nixvim",
         "nps": "nps",
-        "nur": "nur"
+        "nur": "nur",
+        "sops-nix": "sops-nix"
+      }
+    },
+    "sops-nix": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1751606940,
+        "narHash": "sha256-KrDPXobG7DFKTOteqdSVeL1bMVitDcy7otpVZWDE6MA=",
+        "owner": "Mic92",
+        "repo": "sops-nix",
+        "rev": "3633fc4acf03f43b260244d94c71e9e14a2f6e0d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "Mic92",
+        "repo": "sops-nix",
+        "type": "github"
       }
     },
     "systems": {

flake.nix

@@ -16,10 +16,14 @@
     home-manager.url = "github:nix-community/home-manager";
     home-manager.inputs.nixpkgs.follows = "nixpkgs";
 
-    # Agenix
+    # Manage secrets with agenix
     agenix.url = "github:ryantm/agenix";
     agenix.inputs.nixpkgs.follows = "nixpkgs";
 
+    # Manage secrets with sops
+    sops-nix.url = "github:Mic92/sops-nix";
+    sops-nix.inputs.nixpkgs.follows = "nixpkgs";
+
     # Nix User Repository (e.g. Firefox addons)
     nur.url = "github:nix-community/NUR";
     nur.inputs.nixpkgs.follows = "nixpkgs";
@@ -141,6 +145,15 @@
     publicKeys.christoph = {
       ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJAoJac+GdGtzblCMA0lBfMdSR6aQ4YyovrNglCFGIny christoph.urlacher@protonmail.com";
     };
+
+    # Extra NixOS system modules for all hosts.
+    # HM modules are passed through home/modules/default.nix instead.
+    commonModules = [
+      inputs.agenix.nixosModules.default
+      inputs.sops-nix.nixosModules.sops
+
+      # TODO: inputs.nix-topology.nixosModules.default
+    ];
   in {
     # Local shell for NixFlake directory
     devShells."${system}".default = import ./shell.nix {inherit pkgs;};
@@ -176,47 +189,36 @@
         hostname = "nixinator";
         username = "christoph";
         headless = false;
-
+        extraModules =
-        # Extra NixOS system modules.
+          []
-        # HM modules are passed through home/modules/default.nix
+          ++ commonModules;
-        extraModules = [
-          # TODO:
-          # inputs.nix-topology.nixosModules.default
-          inputs.agenix.nixosModules.default
-        ];
       };
       nixtop = mylib.nixos.mkNixosConfigWithHomeManagerModule {
         inherit system mylib publicKeys;
         hostname = "nixtop";
         username = "christoph";
         headless = false;
-        extraModules = [
+        extraModules =
-          # TODO:
+          []
-          # inputs.nix-topology.nixosModules.default
+          ++ commonModules;
-          inputs.agenix.nixosModules.default
-        ];
       };
       servenix = mylib.nixos.mkNixosConfigWithHomeManagerModule {
         inherit system mylib publicKeys;
         hostname = "servenix";
         username = "christoph";
         headless = true;
-        extraModules = [
+        extraModules =
-          # TODO:
+          []
-          # inputs.nix-topology.nixosModules.default
+          ++ commonModules;
-          inputs.agenix.nixosModules.default
-        ];
       };
       thinknix = mylib.nixos.mkNixosConfigWithHomeManagerModule {
         inherit system mylib publicKeys;
         hostname = "thinknix";
         username = "christoph";
         headless = true;
-        extraModules = [
+        extraModules =
-          # TODO:
+          []
-          # inputs.nix-topology.nixosModules.default
+          ++ commonModules;
-          inputs.agenix.nixosModules.default
-        ];
       };
 
       # These configurations don't include HM.

system/default.nix

@@ -271,13 +271,11 @@ with mylib.networking; {
     neovim.enable = true;
     nix-ld.enable = true; # Load dynamically linked executables
 
-    gnupg = {
+    gnupg.agent = {
-      agent = {
+      enable = true;
-        enable = true;
+      enableBrowserSocket = true;
-        enableBrowserSocket = true;
+      enableExtraSocket = true;
-        enableExtraSocket = true;
+      enableSSHSupport = true;
-        enableSSHSupport = true;
-      };
     };
 
     hyprland = {